Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-25643

    The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access informat... Read more

    Affected Products : fiori
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0509

    Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal AS... Read more

    Affected Products : .net_framework mono
    • Published: Mar. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1271

    Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.... Read more

    Affected Products : an-http
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-7280

    Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.... Read more

    Affected Products : web_ui
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-0526

    Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which... Read more

    Affected Products : pblang
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-6997

    An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a... Read more

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1348

    Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.... Read more

    Affected Products : guestbook
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-9849

    LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote r... Read more

    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-3968

    Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.... Read more

    Affected Products : punbb
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-0660

    Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.... Read more

    Affected Products : d-forum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0649

    Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."... Read more

    Affected Products : safehtml
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-3760

    Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.... Read more

    Affected Products : vanilla
    • Published: Aug. 21, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2003-1312

    siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.... Read more

    Affected Products : siteminder
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-4127

    Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTas... Read more

    Affected Products : internet_explorer windows_xp
    • Published: Sep. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-2358

    Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : phpbb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-3272

    accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a ... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-0662

    Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field.... Read more

    Affected Products : mercuryboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1499

    Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.... Read more

    Affected Products : helm_control_panel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2379

    Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.... Read more

    Affected Products : at_mail_webmail_system
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1566

    Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : silent-storm_portal
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294837 Results